Analisis Kerentanan Keamanan Website Sekolah Menggunakan Metode Vulnerability Assessment Berbasis OWASP ZAP
DOI:
https://doi.org/10.70052/jka.v4i2.1370Keywords:
Keamanan website, Vulnerability assessment, OWASP ZAP, KerentananAbstract
Perkembangan teknologi informasi yang pesat telah mendorong pemanfaatan website dalam berbagai sektor, termasuk pada lingkungan pendidikan sebagai media penyampaian informasi dan layanan akademik. Website sekolah berperan penting dalam pengelolaan data dan akses informasi secara daring, namun juga rentan terhadap berbagai ancaman keamanan siber. Oleh karena itu, diperlukan pengujian keamanan secara terstruktur untuk mengidentifikasi celah yang berpotensi disalahgunakan. Penelitian ini bertujuan untuk menganalisis tingkat kerentanan keamanan pada website sekolah menggunakan metode vulnerability assessment berbasis OWASP. Proses pengujian dilakukan dengan memanfaatkan tools OWASP ZAP sebagai vulnerability scanner melalui tahapan scanning, analisis kerentanan, dan pelaporan hasil berdasarkan standar OWASP Top 10. Hasil pengujian menunjukkan ditemukan 1 kerentanan kategori high, 8 kerentanan kategori medium, dan 6 kerentanan kategori low yang menunjukkan masih terdapat celah keamanan pada website yang perlu segera diperbaiki. Oleh karena itu, diperlukan tindakan mitigasi melalui validasi input, peningkatan kontrol akses, serta konfigurasi keamanan server guna meningkatkan keamanan sistem secara keseluruhan.
The rapid development of information technology has encouraged the utilization of websites in various sectors, including the educational environment as a medium for delivering information and academic services. School websites play an important role in managing data and providing online access to information; however, they are also vulnerable to various cybersecurity threats. Therefore, structured security testing is required to identify potential vulnerabilities that could be exploited. This study aims to analyze the level of security vulnerabilities in a school website using an OWASP-based vulnerability assessment method. The testing process was conducted using the OWASP ZAP tool as a vulnerability scanner through several stages, including scanning, vulnerability analysis, and reporting based on the OWASP Top 10 standard. The results of the testing showed that there was 1 high-risk vulnerability, 8 medium-risk vulnerabilities, and 6 low-risk vulnerabilities, indicating that the website still contains security gaps that need immediate attention. Therefore, mitigation efforts are required through input validation, improved access control, and proper server security configuration to enhance the overall security of the system.
References
A. S. Rosa dan M. Shalahuddin, Rekayasa Perangkat Lunak Terstruktur dan Berorientasi Objek. Bandung: Informatika, 2018.
B. Raharjo, Keamanan Sistem Informasi Berbasis Internet. Bandung: Informatika, 2019.
W. Stallings, Network Security Essentials: Applications and Standards, 6th ed. Boston: Pearson, 2017.
OWASP Foundation, “OWASP Top 10 Web Application Security Risks,” 2021. [Online]. Available: https://owasp.org/www-project-top-ten/. [Accessed: 20-May-2026].
Badan Siber dan Sandi Negara, “Laporan Tahunan Keamanan Siber Indonesia,” BSSN, Jakarta, 2023.
D. Stuttard dan M. Pinto, The Web Application Hacker’s Handbook: Finding and Exploiting Security Flaws, 2nd ed. Indianapolis: Wiley Publishing, 2011.
OWASP Foundation, “OWASP Zed Attack Proxy (ZAP),” 2024. [Online]. Available: https://www.zaproxy.org/. [Accessed: 20-May-2026].
R. Munadi, “Analisis Keamanan Website Menggunakan OWASP ZAP,” Jurnal Teknologi Informasi dan Komunikasi, vol. 10, no. 2, hal. 45–52, 2022. DOI: https://doi.org/10.35870/jti.v10i2.124
A. Yasin dan M. Fauzan, “Implementasi Vulnerability Assessment pada Website Menggunakan OWASP,” Jurnal Informatika, vol. 8, no. 1, hal. 12–20, 2021. DOI: https://doi.org/10.31311/ji.v8i1.9211
S. Ariyanto, “Pengujian Keamanan Website dengan Metode Penetration Testing dan OWASP,” Jurnal Ilmiah Komputer, vol. 5, no. 3, hal. 88–95, 2020. DOI: https://doi.org/10.33322/jik.v5i3.1012
R. Pressman, Software Engineering: A Practitioner’s Approach, 8th ed. New York: McGraw-Hill, 2015.
N. Provos dan P. Honeyman, “Detecting Stealthy Portscans,” in Proceedings of the 10th USENIX Security Symposium, Washington DC, USA, 2001, pp. 1–13. Available: https://www.usenix.org/conference/10th-usenix-security-symposium/detecting-stealthy-portscans
A. Saputra dan E. Pratama, “Analisis Kerentanan Website Sekolah Menggunakan OWASP ZAP,” Jurnal Sistem Informasi dan Teknologi, vol. 4, no. 2, hal. 101–109, 2023. DOI: https://doi.org/10.35134/jsisfotek.v4i2.210
K. Scarfone dan P. Mell, “Guide to Intrusion Detection and Prevention Systems,” NIST Special Publication 800-94, 2012. DOI: https://doi.org/10.6028/NIST.SP.800-94
M. Whitman dan H. Mattord, Principles of Information Security, 7th ed. Boston: Cengage Learning, 2021.
Downloads
Published
How to Cite
Issue
Section
License
Copyright (c) 2026 Nur Fadhillatur Rahmadayanti, Muhlis Tahir, Ayu Sanusih (Author)

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.





